Friday, April 29, 2011

Discovering the Business Value of Identity and Access Intelligence

Great blog by Mark Dixon on the business value of identity and access intelligence. Mark's Discovering Identity blog is always full of great insights so I will quote a few from his IAI posting.

Mark puts forth several business benefits that IAM intelligence delivers. The top one for Veriphyr's customers is how IAI makes it possible to "Turn Data into Insight, and Insight into Action".
"Turn Data into Insight, and Insight into Action. ... the amount of relevant Identity and Access data is immense. That raw data does little good unless we can effectively organize and analyze such data so effective business decisions can be made and intelligent action can be taken as a result." - Mark Dixon, Discovering Identity
Benefits from Automation
Mark also lists a number of benefits from an automated IAI process. Veriphyr customers would agree with all of these benefits. Of course, one of the benefits they like the most is that Veriphyr delivers IAI as a Service (IAIaaS), so there is no hardware and no on-site software.
  • Repeatability. Manual methods may vary as different people become involved at different parts of the process, causing variability in results from cycle to cycle.
  • Auditability. Manual methods are more difficult to audit, because of the variability in the human part of the process.
  • Cost control. The costs of manual methods often exceed automated processes, because the labor content of the process recurs in every cycle. Automated methods can reduce these costs.
To read Mark's entire posting go to Discovering Identity
Download a white paper on Identity and Access Intelligence as a service. Learn how an on-demand, pay-per-use service delivers business insights - with no hardware and no on-site software.
Sources:
(a) Business Value from Identity and Access Intelligence - Mark Dixon, Discovering Identity, April 27, 2011


Thursday, April 28, 2011

Veriphyr Named Cool Vendor in Identity and Access Management by Leading Analyst Firm

Identity and Access Intelligence SaaS Provider Selected for Report that Recognizes Innovative, Impactful and Intriguing Vendors, Products and Services

April 28, 2011 – Veriphyr, a leading provider of Identity and Access Intelligence (IAI), has been included in the list of "Cool Vendors" in the April 21 report titled "Cool Vendors in Identity and Access Management, 2011" by Ray Wagner et al., of Gartner, Inc.

Veriphyr’s identity and access intelligence SaaS solution proactively detects data privacy breaches and inappropriate access to applications, databases, and systems. The company’s advanced data analytics transform identity, rights, and activity data into actionable intelligence for business managers responsible for privacy, compliance, risk, and security.
“We believe being named a Cool Vendor by Gartner confirms Veriphyr’s unique approach to providing identity and access intelligence as a SaaS solution that companies can consume on a pay-for-use basis,” said Alan Norquist, Founder and CEO of Veriphyr. “The Veriphyr service reveals underlying access patterns and over privileged accounts that can lead to security threats and compliance violations. By analyzing actual activity rather than expected activity and access information from directories, applications, systems, and policy repositories we provide intelligence that clients need to prevent data leaks and privacy violations.”
According to Gartner, “several segments of the identity and access management (IAM) market continue to experience significant innovation in technology, product and service offerings. Chief information security officers and other security professionals should familiarize themselves with Gartner's 2011 Cool Vendors in IAM, and with the potential business benefits they offer.”

Identity and Access Intelligence
Veriphyr is the originator of a new technology category, called IAI, which uses advanced data analytics to mine identity, rights, and activity data for intelligence that is useful not only for IT operations, but also for broader business operations.

Unlike traditional Identity and Access Management (IAM) products, IAI focuses on the needs of business managers, who typically have the best knowledge of what resources their direct reports should or should not be accessing, when they should be accessing it, and how much resource utilization is appropriate. IAI improves the IAM process with intelligence about actual rather than expected usage and privileges, which is needed for a successful project implementation.

About Gartner's Cool Vendors Selection Process
Gartner's listing does not constitute an exhaustive list of vendors in any given technology area, but rather is designed to highlight interesting, new and innovative vendors, products and services. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness of a particular purpose.

Gartner defines a cool vendor as a company that offers technologies or solutions that are: Innovative, enable users to do things they couldn't do before; Impactful, have, or will have, business impact (not just technology for the sake of technology); Intriguing, have caught Gartner's interest or curiosity in approximately the past six months.

About Veriphyr
Veriphyr Identity and Access Intelligence (IAI) service discovers data privacy breaches and inappropriate access to applications, databases, and systems. Veriphyr applies advanced data analytics to transform identity, rights, and activity data into actionable intelligence for business management in privacy, compliance, and security.

Veriphyr’s on-demand SaaS model starts delivering intelligence in days not months. There’s no hardware or software to install and no integration needed with existing systems. Veriphyr analyzes commercial and custom applications across a range of systems, including mainframe, midrange, Linux/Unix, and Windows servers.

For more visit our website at www.Veriphyr.com, browse our blog at blog.Veriphyr.com and follow us on Twitter at twitter.com/Veriphyr

Editorial Contact: Marc Gendron, Marc Gendron PR, 781-237-0341, marc@mgpr.net

###

Veriphyr is a trademark of Veriphyr, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Wednesday, April 27, 2011

Increase Productivity 5-6% with Data-Driven Decision Making

According to new research at MIT, firms where decision making is based on data and analytics have output and productivity 5-6% higher than firms with similar investments and information technology usage.
“To the best of our knowledge, this is the first quantitative evidence of the anecdotes we’ve been hearing about.” - Erik Brynjolfsson, MIT Sloan School of Management
The findings are based on detailed survey data on the business practices and information technology investments of 179 large publicly traded firms. The researchers contrasted decisions based primarily on “data and analysis” with traditional management by “experience and intuition.”
Download a Service Brief on Identity and Access Intelligence and learn how our data driven technology can put actionable insights in the hands of your business leaders.
"The biggest change facing corporations is the explosion of data," according to David Grossman, technology analyst at Stifel Nicolaus, and "The best business is in helping customers analyze and manage all that data."

Sources:
(a) Strength in Numbers: How Does Data-Driven Decision Making Affect Firm Performance? - Sloan School of Management, April 23, 2011
(b) When There’s No Such Thing as Too Much Information - New York Times, April 22, 2011


Tuesday, April 26, 2011

Ex-Hospital Employee Jailed for Patient Identity Theft

A former hospital employee was convicted of disclosing individually identifiable health information and sentenced to 24 months in prison, including 12 months of home confinement, to be followed by 3 years of supervised release.

Between April 27, 2009 and September 29, 2010 the employee stole patient information from the emergency room and her co-conspirators obtained fraudulent bank accounts and debit cards in the names of those patients.
"While it may be impossible to absolutely prevent an employee from violating our values and policies for personal gain, we are determined to take all necessary steps to review and strengthen our administrative procedures to ensure that we are providing the highest level of data security possible." - Patrick Taylor, M.D., president and CEO, Holy Cross Hospital
The hospital was notified by the U.S. Attorney's Office and U.S. Postal Inspection Service when a criminal investigation identified a hospital employee as the source of identity data. When confronted, the employee admitted improper conduct and was immediately terminated by the hospital.
Download a white paper on medical records privacy breach detection as a service. Learn how an on-demand, pay-per-use service can cost effectively address the HIPAA/HITECH privacy and security rules - with no hardware and no on-site software.
Sources:
(a) Former Hospital Employee Sentenced for Stealing and Disclosing Patient Information - U.S. Attorney’s Office, Southern District of Florida, April 15, 2011
(b) ID Protection Page at Holy Cross Hospital - Holy Cross Hospital Website, November 2010


Monday, April 25, 2011

Doctor's Facebook Post Results in Termination and Reprimand

A Rhode Island hospital terminated a doctor's clinical privileges when the doctor inadvertently breached a patient's medical privacy through a Facebook post.

In addition, Rhode Island’s medical licensing board has ordered the doctor to pay a $500 administrative fee and attend a continuing education course.
The physician's Facebook post described clinical experiences without the patient names. But the description of the injuries was sufficient for a third party to identify the patient by name.
The doctor is now said to be practicing at a different hospital in Rhode Island.
Sources:
(a) RI doctor reprimanded over Facebook post - Boston Herald, April 2011

Thursday, April 21, 2011

Business Intelligence Market Surpasses $10 Billion

Light Footprint, Domain Specific BI Applications are Proliferating

Worldwide business intelligence software revenue reached $10.5 billion in 2010, up 13.4% over 2009, according to Gartner, Inc.
"A new wave of lighter footprint data discovery tools and analytic applications are proliferating in business units. Business users ... want domain-specific functionality and usability that meet their needs." - Gartner, Inc
“BI spending has far surpassed IT budget growth overall for several years, and it is clear that BI continues to be a technology at the center of information-driven initiatives in organizations," according to Dan Sommer, principal research analyst at Gartner.
Download a white paper on Identity and Access Intelligence delivered as a light footprint service. Learn how an on-demand, pay-per-use service delivers business insights - with no hardware and no on-site software.
Sources:
(a) "Market Share Analysis: Business Intelligence, Analytics and Performance Management Software, Worldwide, 2010" - Gartner, April 11, 2011
(b) "Market Share: All Software Markets, Worldwide, 2010" - Gartner, March 30, 2011


Wednesday, April 20, 2011

ANSI Study of Patient Privacy Breaches Joined by ISA

The Internet Security Alliance (ISA) has joined the ANSI/Shared Assessments PHI Project on the impact of unauthorized access to protected health information (PHI). The “PHI Project” was formally kicked off on April 7th via a two-hour webinar involving Veriphyr's Nicole Borner and 109 other participants.
"The financial impact on an enterprise that suffers a breach of PHI is significant, as is the potential reputational harm to an individual whose data has been compromised." - Larry Clinton, ISA chief executive officer
The PHI Project aims to develop a report of its analysis within just a few months' time. Veriphyr's Nicole Borner will be part of the ecosystem subcommittee that will define points of compromise in the healthcare ecosystem where there are risks of exposure.
Sources:
(a) Internet Security Alliance Partners with ANSI and Shared Assessments for Launch of Project on Financial Impact of Breached Protected Health Information - the American National Standards Institute (ANSI), April 19, 2011


Monday, April 18, 2011

Policeman Abuses Government Database to Breach Privacy of His Wife's Ex-Husband

A police officer breached privacy laws by looking up his wife's ex-husband on the National Intelligence Application (NIA). The officer's wife used the leaked information in her custody fight with her ex-husband.

An investigation by the Privacy Commissioner concluded the police failed to take reasonable steps to ensure the security of the personal information. The officer was found to have breached two principles of the New Zealand Privacy Act by looking at the ex-husband's file 17 times over four years.
"It is my view that you have suffered harm of this type based on the fact that Senior Constable ... has used his privileged position within police to access your NIA records primary to promote his interests over yours." - Mike Flahive, Assistant Privacy Commissioner
No Investigation for 2 Years
The ex-husband said he was "totally disgusted" it took police 2 years to investigate his complaint. In 2007, he reported a suspected leak to the Waitemata police when his private details were included in an affidavit his ex-wife filed with the Family Court. However, no action was taken until 2009, when he complained to the Privacy Commissioner and the Independent Police Conduct Authority.
Download a white paper on how an Identity and Access Intelligence service can cost effectively discover insider data privacy breaches - with no hardware and no on-site software.
The police have not revealed what disciplinary action was taken even though unauthorized checks can be grounds for dismissal under the police code of conduct. The case has been referred to the director of the Human Rights Proceedings, who may take a case before the Human Rights Review Tribunal.

More Data Privacy Breaches by Police in New Zealand
In 2009, it was revealed that random monthly audits caught 33 officers making unauthorized checks over the previous 2 years on the National Intelligence Application (NIA). Nine officers later resigned. The audits were introduced after officers were caught looking at the personal file of a complainant in a high-profile police sex case.

The NIA database holds information on people's criminal convictions, whether they are wanted by police or are a surveillance target, as well as details on criminals' associates and their addresses.

Sources:
(a) Policeman's leak of data breached privacy law - The Herald, April 18, 2011
(b) Officer leaked police data to wife - The Herald, February 4, 2011
(c) New Zealand Privacy Act 1993 No 28 (as at 01 April 2011), Public Act
(d) New Zealand National Intelligence Application (NIA)


Monday, April 11, 2011

Fired Employee Wreaks Havoc Using Fictitious Employee Access Rights He Set Up Before Being Fired

It is no longer sufficient to disable the access of employees when they are terminated. As this incident demonstrates, you must also discover and disable dormant or bogus accounts that terminated employees can use as a backdoor into your systems.

A Gucci employee created an account for a fictitious employee well before he was fired. Then after he was terminated and his own accounts were disabled he used the fictitious employee account to access Gucci systems.
Learn how an Identity and Access Intelligence service can detect bogus user accounts and other access vulnerabilities - with no hardware and no on-site software.
According to the New York District Attorney's office indictment, the attack caused more than $200,000 in damages by shutting down servers, deleting emails, and preventing Gucci employees from accessing email for 24 hours.
"This Office's Cybercrime and Identity Theft Bureau is committed to preventing and prosecuting crimes such as the one charged in today's indictment." - Cyrus R. Vance Jr., Manhattan District Attorney
The 50-count indictment charges him with unauthorized use of a computer, unlawful duplication of computer-related material and other charges. If convicted, he could face up to 15 years in jail.
Sources:
(a) Former Gucci Employee Charged in Computer Hacking Case - Wall Street Journal, April 2011


Saturday, April 9, 2011

Mostashari Named New National Health IT Coordinator

Farzad Mostashari was named the new national coordinator for health information technology by Kathleen Sebelius, secretary of Health and Human Services.

One of Mostashari's immediate goals will be to issue a final version of the Federal Health IT Strategic Plan: 2011-2015, which will update the health care industry's approach to IT privacy and security issues.

Mostashari emphasized the importance of patient data privacy and security as one of his top concerns, when he testified before the Senate Special Committee on Aging in the Spring of 2010.
"While there is evidence that certain telehealth applications can improve care and reduce certain unnecessary costs, more information is needed about ... how to assure privacy and security of health information shared through these technologies." - Farzad Mostashari, MD, ScM, National Coordinator for Health Information Technology
"I think he’s a problem-solver, someone who brings people together. God knows we need that kind of facilitative, collaborative approach with all that’s going on in healthcare right now," said Dr. William Bria, CMIO at Shriners Hospitals for Children and president of the Association of Medical Directors of Information Systems (AMDIS).
Previously, Mostashari was Assistant Commissioner for the Primary Care Information Project at the New York City Department of Health and Mental Hygiene. There he facilitated the adoption of prevention-oriented health information technology by over 1,500 providers in underserved communities, according to his biography on the ONC site.

Sources:
(a) Farzad Mostashari Named New Head of ONC - Journal AHIMA, April 8, 2011
(b) Farzad Mostashari, MD, ScM, National Coordinator for Health Information Technology - Coordinator for Health Information Technology Website, April 2011
(c) Testimony Before the Senate Special Committee on Aging, Statement of Farzad Mostashari, MD, MPH, - Farzad Mostashari, MD, MPH, Senior Advisor, Office of the National Coordinator for Health IT U.S. Department of Health and Human Services, April 22, 2010
(d) Healthcare leaders hail selection of Mostashari to lead ONC - ModernHealthcare.com, April 22, 2010


Friday, April 8, 2011

HIPAA Violation Indictments for 2 Medical Office Assistants

The United States Attorney and the U.S. Secret Service announced the indictment of twelve individuals in a massive identity theft and bank fraud scheme.
Two medical office assistants were charged with violations of HIPAA laws for stealing patient identification information. If convicted, each faces a maximum statutory term of ten (10) years’ imprisonment for the HIPAA violations.
Moreover, the two medical office assistants were charged, along with 10 others, with conspiracy to commit bank fraud, access device fraud and identity theft.

The stolen personal identification information (PII) was used to deplete the victims' bank accounts and incur credit card charges as high as $128,000 in one case.
NOTE: An indictment is only an accusation, and defendants are presumed innocent until and unless proven guilty beyond a reasonable doubt.

Sources:
(a) Medical office assistants and Broward school board employee among twelve charged in bank fraud and identity theft ring - The United States Attorney's Office of the Southern District of Florida, April 5, 2011


Thursday, April 7, 2011

Do Accountable Care Organizations (ACO) rules adequately address patient data privacy?

Proposed rules about Accountable Care Organizations (ACOs) were released by the U.S. Department of Health and Human Services (HHS) under Secretary Kathleen Sebelius.

The goal of ACOs is to allow health care providers to share patient medical records to coordinate treatment for individual patients across hospitals, long-term care facilities, and doctor’s offices.
"ACO will comply with the limitations on the use and disclosure of individually identifiable health information that the HIPAA Privacy Rule places on HIPAA covered entities, as well as all other applicable privacy and confidentiality requirements." - Centers for Medicare & Medicaid Services (CMS), HHS
The HHS is "particularly interested in comments on the kinds and frequency of data that would be useful to ACOs, potential privacy and security issues, and the implications for sharing protected health information with ACOs, and the use of a beneficiary opt-out, as opposed to an opt-in, to obtain beneficiary consent to the sharing of their information."

What are your thoughts? Do the proposed rules for Accountable Care Organizations appropriately address patient data privacy concerns? Please post your comments and suggestions.
Sources:
(a) Affordable Care Act to improve quality of care for people with Medicare - HHS Press Office, March 31, 2011
(b) Medicare Program; Medicare Shared Savings Program: Accountable Care Organizations - Medicare Program; Medicare Shared Savings Program: Accountable Care Organizations
(c) Medicare Program; Medicare Shared Savings Program: Accountable Care Organizations - Centers for Medicare & Medicaid Services (CMS), HHS, March 31, 2011 (NOTE: This link is no longer working and the document seems to be unavailable on the internet.)


Wednesday, April 6, 2011

Nurse Resigns over HIPAA Privacy Breach of Electronic Protected Health Information

New developments in the HIPAA data privacy breach at the University of Iowa hospital (see 3 Fired for Snooping on Electronic Health Records (EHR) of College Football Players).

One of the nurses who allegedly snooped on the electronic protected health information (ePHI) of university football players will be able to resign rather than be fired.
"She maintains her innocence and she told us she never wanted to work for the university again." - John Stellmach, president of American Federation of State, County and Municipal Employees Local 12
According to her local union, if the nurse had fought her dismissal and won, it would only yield her $200 in back pay because any award would be reduced by the income from her new job, unemployment benefits, and taxes.
Back in February the hospital announced the termination and suspensions of employees for snooping on football players who had received extensive press coverage when they were hospitalized with a muscle disorder following grueling offseason workouts.

To read the previous blog on this incident see: 3 Fired for Snooping on Electronic Health Records (EHR) of College Football Players

Sources:
(a) UI Hospitals and Clinics settle with fired nurse - Associated Press article in Chicago Tribune, April 5, 2011
(b) 3 Fired for Snooping on Electronic Health Records (EHR) of College Football Players - Veriphyr Blog, February 10, 2011


Tuesday, April 5, 2011

How HIPAA Privacy Officers Reduce Patient Data Privacy Breaches

The American Health Information Management Association (AHIMA) just published a thought-provoking article on patient data privacy breaches.

The privacy officers in the article say reducing patient data privacy breaches starts with collecting data on the organization's privacy breaches. Only armed with this data, they say, can one do a critical assessment of the problems.
"We try to track violations with enough granularity that we can pinpoint groups of problems. That way we know what to focus on and what we need to educate staff about." - Peg Schmidt, RHIA, chief privacy officer at Aurora Healthcare in Milwaukee, WI
The privacy officers’ experience has led them to place equal importance on trending the data over time and analyzing trends by department and type of violation. From this perspective, they believe, come insights that help focus remediation efforts. Moreover, one privacy officer points out, the systematic analysis of each breach unearths ways to improve privacy organization-wide.
“Many people don’t want to come to me until there is a problem—the privacy officer is to be avoided. I want them to realize there’s a better way to do healthcare and HIPAA. We’re here to provide care, perform research, educate clinicians, and to do it in ways that protect privacy.” - John Jenson, CHPS, CIPP, assistant director of privacy and security at University of Minnesota
For more see - journal.ahima.org/2011/04/01/low-tech-threats-in-a-high-tech-world/
Sources:
(a) Low-Tech Threats in a High-Tech World - Journal of AHIMA, April 1, 2011


Monday, April 4, 2011

Fired Employee Able to Wreak Revenge Because He Retained Access to Company Computers

One month after being fired, a former CyberLynk employee logged into the company's systems and deleted 300GB of data, including an entire season of the children’s television show "Zodiac Island".

The former employee was charged with a federal computer crime violation and signed a plea agreement for up to five years in jail and $360,000 in restitution.
"The loss of such a large amount of important data has been devastating" "The data spanned an entire season of show production." - Suit Filed by Television Producer
The television show producer got some restitution from the employee's plea agreement, but it is now suing CyberLynk and the employee for breach of contract, negligence, conversion, and computer fraud.
Learn how an Identity and Access Intelligence service discovers terminated users who retain access and other user access vulnerabilities - with no hardware and no on-site software.
Sources:
(a) Hacker erased a season's worth of 'Zodiac Island' - Los Angeles Times, March 31, 2011
(b) Producer Sues ISP and its Fired Employee, Saying Hack Destroyed Season of Kids’ TV Series - ABA Journal, April 1, 2011
(c) Suit Filing - Courthouse News Service, April 1, 2011
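
Both fired-employee incidents on this page (the fictitious account in the Gucci case and the login a month after termination in the CyberLynk case) are found by reconciling enabled accounts against the HR roster. The sketch below is an added illustration, not Veriphyr's code or either company's; the record layouts, field names, the 90-day dormancy threshold and all sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Employee:                      # one row of a hypothetical HR roster export
    emp_id: str
    terminated_on: Optional[date]    # None while still employed


@dataclass(frozen=True)
class Account:                       # one row of a hypothetical directory export
    name: str
    owner_emp_id: Optional[str]      # HR id the account claims to belong to
    created_by: str                  # account name of whoever created it
    enabled: bool
    last_login: Optional[date]


def reconcile(roster: List[Employee], accounts: List[Account],
              today: date, dormant_days: int = 90) -> Dict[str, List[str]]:
    """Return {account name: sorted findings} for every enabled account
    that needs review. Disabled accounts are ignored."""
    hr = {e.emp_id: e for e in roster}
    by_name = {a.name: a for a in accounts}
    findings: Dict[str, List[str]] = {}

    for acct in accounts:
        if not acct.enabled:
            continue
        flags = set()
        owner = hr.get(acct.owner_emp_id)

        if owner is None:
            # No matching person in HR: a service account at best,
            # a fictitious employee at worst.
            flags.add("no-hr-record")
            # Attribute the orphan to its creator; an orphan created by
            # someone who has since been terminated is the backdoor pattern.
            creator_acct = by_name.get(acct.created_by)
            creator = hr.get(creator_acct.owner_emp_id) if creator_acct else None
            if creator is not None and creator.terminated_on is not None:
                flags.add("created-by-terminated-user")
                if acct.last_login and acct.last_login > creator.terminated_on:
                    flags.add("login-after-creator-termination")
        elif owner.terminated_on is not None:
            # Deprovisioning gap: the person left, the account did not.
            flags.add("owner-terminated")
            if acct.last_login and acct.last_login > owner.terminated_on:
                flags.add("login-after-termination")

        # Dormant: never used, or not used within the threshold.
        if acct.last_login is None or (today - acct.last_login).days > dormant_days:
            flags.add("dormant")

        if flags:
            findings[acct.name] = sorted(flags)
    return findings


# Constructed sample data (not from any real system).
SAMPLE_TODAY = date(2011, 4, 11)
SAMPLE_ROSTER = [
    Employee("E100", date(2011, 3, 1)),    # former administrator
    Employee("E200", None),                # current employee
    Employee("E300", date(2011, 2, 15)),   # former employee
]
SAMPLE_ACCOUNTS = [
    Account("jdoe", "E100", "it-admin", False, date(2011, 2, 28)),   # disabled correctly
    Account("asmith", "E200", "jdoe", True, date(2011, 4, 10)),      # legitimate
    Account("bwong", "E300", "it-admin", True, date(2011, 3, 20)),   # never disabled
    Account("tmiller", "E999", "jdoe", True, date(2011, 4, 5)),      # no such employee
    Account("svc-backup", None, "it-admin", True, None),             # unowned, unused
]

if __name__ == "__main__":
    for name, flags in reconcile(SAMPLE_ROSTER, SAMPLE_ACCOUNTS, SAMPLE_TODAY).items():
        print(f"{name}: {', '.join(flags)}")
```

The creator attribution only works if the directory or provisioning log records who created each account; without that field the first two checks still apply.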


Sunday, April 3, 2011

Police Snoop on Neighbors and Ex-Girlfriends via Classified Computer Data

Dozens of police are alleged to have breached data protection laws by accessing classified data on current partners, ex-partners, neighbors, and family members. In many cases the data was used for personal gain or passed on to third parties.

As a result of the 84 privacy breaches, 13 officers were dismissed, 7 resigned and numerous others were given final warnings.
A police superintendent allegedly checked the whereabouts of an ex-partner and information about her current boyfriend using the police computer system.
"The public rightly expect that we maintain the security and integrity of all information held on police databases and it is paramount that we maintain their confidence in our ability to do so.” - Spokesperson for Lancashire Constabulary
Learn how an Identity and Access Intelligence service can cost effectively discover user access vulnerabilities and insider abuse - with no hardware and no on-site software.
Sources:
(a) Lancashire Police officers dismissed for breaching data laws - Big Brother Watch, March 31, 2011


Saturday, April 2, 2011

Attacks by Insiders Are More Costly Than Outsider Attacks

According to the 2011 CyberSecurity Watch Survey, insiders were the cause of 21% of attacks (insiders are employees or contractors with authorized access) while 58% were caused by outsiders (those without authorized access).

However, 33% of survey respondents view insider attacks to be more costly than outsider attacks. Moreover, insider attacks are becoming more sophisticated.
"It is a much more challenging problem to defend against insiders stealing classified information or trade secrets to which they have authorized access." - Dawn Cappelli, Tech Manager, Insider Threat Center, CERT
Insider attacks are not just monetarily costly, but survey respondents highlighted the harm to the organization's reputation, especially when an attack involves the theft of confidential or proprietary information.
70% of insider incidents are handled internally without legal action, so the general public may be unaware of the number of insider events or the extent of the damage.

The 2011 CyberSecurity Watch Survey is a cooperative effort of CSO, the U.S. Secret Service, the Software Engineering Institute CERT® Program at Carnegie Mellon University and Deloitte.

For the entire report - "2011 CyberSecurity Watch Survey - How Bad Is the Insider Threat?" by CSO, the U.S. Secret Service, the Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, January 2011

Sources:
(a) 2011 CyberSecurity Watch Survey: Organizations Need More Skilled Cyber Professionals to Stay Secure - CSO Magazine, January 2011

Friday, April 1, 2011

Board of Directors Increase Focus on IT in the Organization

According to Deloitte, many boards of directors view information technology (IT) as crucial to their organizations, given its widespread use at all levels and its role in governance.

Deloitte recommends that IT risks related to compliance with legal and regulatory requirements should be a key part of audit committee members’ discussions with management, the internal auditor, and independent auditors.
"More often, we are seeing companies adding IT to the board agendas. This makes good business sense and helps directors stay abreast of how technology can be used within the organization and to become informed of IT-related matters before they materialize into significant issues." -- Adel Melek, global managing director, IT risk, Deloitte
For the entire report - "The Tech-Savvy Audit Committee", Deloitte Audit Committee Brief, March 2011

In recent related news, Oracle President Mark Hurd, at an all-day conference for Oracle customers, said he thinks corporate boards are going to start taking responsibility for IT security as part of their routine corporate governance duties.
Learn how an Identity and Access Intelligence Service can cost effectively deliver board-level business intelligence - with no hardware and no on-site software.
Sources:
(a) The Tech-Savvy Audit Committee - Deloitte Audit Committee Brief, March 2011
(b) Oracle’s Hurd Says Directors Will Soon Be Auditing IT Security - D | All Things Digital, March 2011

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.